--- Log opened Thu Jul 05 00:00:26 2018
00:00 < Johnjay> i assume you're talking about usb adapters
00:00 < Johnjay> yeah that's a good idea
00:03 < drathir> Johnjay: hc xc etc...
00:32 < purpleunicorn> is anyone using cygwin on their windows terminal? If they are, why doesn't it show the dependencies when installing the packages?
00:33 < Johnjay_> windows... terminal?
00:33 < Johnjay_> i think i have msys, not sure about cygwin
00:33 < purpleunicorn> yeah im using windows
00:35 < Johnjay_> i know msys always shows the dependencies, but it uses pacman
00:35 < Johnjay_> i dunno what cygwin uses
00:39 < purpleunicorn> Johnjay_, well i was following someone else's instructions on youtube and they had what i had but it was just a different version because it was a 4 year old video. So I'm guessing maybe they just updated it.
00:41 < Johnjay_> most linux package managers have a way to view dependencies
00:41 < Johnjay_> not sure if that's helpful to you or not. i'd check the arch wiki or askubuntu for specifics
00:45 < purpleunicorn> Johnjay_, thanks, will do
01:01 < spaces> ok I cannot put any sexiness into this channel anymore... my dog needs it all :P
01:01 < spaces> I call her my hot dog
01:04 <+pppingme> spaces take it to another channel
01:07 < spaces> that is why I won't put it in here anymore :)
02:00 < strive> Interesting issue: Win10 host + Win10 VM client on VMWare. Host is pingable, but VM client isn't. What's the deal?
02:01 < Stryyker> Different range? Checked the networking settings in the VMWare product? (they have many and you haven't told us which you're using - I'm guessing Workstation Player)
02:02 < strive> VMware Workstation 14 Player (non-commercial use only), network adapter is bridged.
02:03 < strive> Host IP = 192.168.1.17 :: Client (VM) IP = 192.168.1.20
02:15 < strive> Stryyker: *Update*: Allowed icmp echo request in firewall. All good now.
02:56 < strixdio> hmm, anyone know if a MX64 or MS 220-8 can be reflashed with custom firmware?
05:33 < purpleunicorn> hey anyone here to help me out
05:33 <+pppingme> strixdio I doubt it, in fact, I'd suspect the license agreement forbids you from doing so
05:33 <+pppingme> purpleunicorn just ask your question, don't ask for help
05:34 < purpleunicorn> sorry
05:34 < purpleunicorn> i need help creating my own certificate
05:34 < purpleunicorn> a self-signed certificate
05:35 < purpleunicorn> i downloaded cygwin and im trying to connect to freenode with the certificate but dont know how. I'm using this https://freenode.net/kb/answer/certfp
05:36 < purpleunicorn> I'm using hexchat so im supposed to create a certs directory and don't know how to do that
05:41 < ForexTraderNYC> hi
06:01 < purpleunicorn> pppingme, do you know the answer to my question?
06:02 < drathir> purpleunicorn: isnt their have how to for most clients commonly used?
06:04 < drathir> purpleunicorn: keep on mind to add cert You need first auth as good remember...
06:05 < purpleunicorn> drathir, i know
06:35 < abdulhakeem> I
06:36 < abdulhakeem> I have a home server that I'd like to primarily function as network storage, but also a print server for my USB-only printer and possibly more, different use cases in the future. Would the better choice be FreeNAS or Ubuntu Server?
06:39 < scientes> abdulhakeem, if you are familiar with ubuntu use ubuntu
06:39 < scientes> I use debian for all my servers
06:39 < scientes> you need cups for the printer
06:49 < sammm> hey guys, having a strange issue. a customer reported that a download using an in house method (http/xml to transport binary files) is taking x6 times as long as it should. the issue seems to be related to a cisco netscaler which sits in between client/server
06:50 < sammm> the odd part is that lots of the HTTP messages are failing FCS because the trailer is being filled with either 0x55 or 0xAA
06:50 < sammm> i have NO idea what would be causing that
06:50 < sammm> has anyone seen something similar
06:50 < sammm> ?
06:54 < Wulf> sammm: "FCS"?
06:54 < grawity> the Ethernet thing, I assume
06:56 < sammm> frame checksum i think it stands for
07:02 < sparrowsword> how can i get this kind of info? (latency) from a proxy server to a website/ip? example: Reply from 8.8.8.8: bytes=32 time=108ms TTL=57 (ping)
07:04 < linux_probe> think i'd start by looking for a duplex mismatch
07:04 <+pppingme> ping it from the proxy server
07:05 < linux_probe> if no duplex mismatch, suspect cabling, nic or major noise issue :)
07:06 < sparrowsword> +ppingme: how?
07:07 < sparrowsword> tried curling, but it didnt work
07:07 < sparrowsword> using socks5
07:08 < sparrowsword> doesnt ping use icmp and not ports?
07:08 < linux_probe> the above was at sammm
07:13 < sammm> thanks linux_probe
07:14 < sparrowsword> anyone?
07:54 < zeldafan78> I'm getting worried now. I thought that there would be numerous Mailgun alternatives, and I had envisioned making individual provider files for each of them, but now that I really look into it, all the supposed/listed alternatives (that is, a service which lets me send and receive e-mail by paying them and all I want them to do is handle the act of actually sending and receiving and not use any of their custom/vendor-lock-in bullshit) seem to
07:54 < zeldafan78> have even worse (if possible) API documentation, seemingly entirely ignoring the concept of "events" or "incoming e-mails". This is really weird.
08:19 < brahmana> Hi all..
08:20 < zeldafan78> No replies at all?
08:20 < brahmana> I am sending a HTTP POST request in my Ruby program. The Content-Length is : 12026283 bytes. On the client side I am getting an EPIPE error whereas the server seems to have gotten the data.
08:21 < brahmana> This is on an Ubuntu server.
08:21 < brahmana> What could possibly cause the client to get an EPIPE while the server seems to have gotten all the data?
08:23 < brahmana> Correct me if I am wrong here, EPIPE would be raised in this case when the client is still trying to write the data while the server has already closed it.
08:26 < GodOfSea> hii
08:27 < GodOfSea> is there a way to run a service that takes a look at the logs and whenever there's a 500 Internal error it sends an email ?
08:29 < brahmana> GodOfSea: What language / framework is the server code in?
08:31 < brahmana> I believe there are several paid services available to do that kind of alerting. If you however want to roll out your own (which I would recommend against), you can definitely write a program to watch the log file and send an email when the contents match the pattern you are looking for.
08:32 < detha> GodOfSea: many ways. from tail -f $logfile | perl -ne 'if / 500 / { ...sendmail... }' to large rsyslog/ELK setups
08:32 < squ> a simple perl script would do
08:33 < brahmana> GodOfSea: Apart from paid services, there are libraries / tools which do the same. You can set them up. As detha mentioned, an ELK setup will do this and a lot more also.
08:33 < squ> brahmana: go away
08:34 < brahmana> squ: ??
08:34 < GodOfSea> i am using apache as the web server and the application is flask
08:35 < GodOfSea> detha: brahmana squ .
08:35 < GodOfSea> brahmana: paid seriously ?
08:35 < squ> service
08:35 < squ> :)
08:36 < GodOfSea> :P
08:36 < squ> :)
08:36 < squ> :)
08:36 < sammm> set up nagios or something
08:36 < detha> GodOfSea: there are services that you send your logs to, define conditions in some control panel, and they will do the alerting/matching for you yes
08:36 < sammm> otherwise, just tail -f | awk
08:36 < sammm> and whack that into sendmail
08:36 < sammm> as detha said
08:37 < squ> there is a little problem
08:37 < GodOfSea> Thats doable
08:37 < squ> server restart :)
08:37 < sammm> why's that an issue?
08:37 < squ> has to relaunch script
08:38 < squ> and avoid repeated emails
08:38 < detha> squ: don't joke. we had '0 1 * * * root /sbin/service tomcat6 restart' for a long time, because the stupid jvm had memory leaks :p
08:38 < sammm> just never restart lol
08:38 < GodOfSea> I dont really like this idea of sending logs in mail but dev wants it
08:39 < squ> why not
08:39 < GodOfSea> too many emails
08:39 < GodOfSea> :P
08:40 < GodOfSea> I will setup nagios when I setup VPC
08:40 < detha> So don't spend too much effort/money on it, dev will get sick of it after a month and ask for it to be switched off
08:40 < kerframil> not if you use something that maintains a configurable message queue and supports message de-duplication ... such as tenshi
08:41 < GodOfSea> We are open source , so We dont have funds to pay for anything yet
08:41 < GodOfSea> And yeah We could use a sysadmin , right now I am the only one
08:41 < GodOfSea> Take a look openapprentice.org
08:42 < zeldafan78> I thought that there would be numerous Mailgun alternatives, and I had envisioned making individual provider files for each of them, but now that I really look into it, all the supposed/listed alternatives (that is, a service which lets me send and receive e-mail by paying them and all I want them to do is handle the act of actually sending and receiving and not use any of their custom/vendor-lock-in bullshit) seem to have even worse (if
08:42 < zeldafan78> possible) API documentation, seemingly entirely ignoring the concept of "events" or "incoming e-mails". What gives? Got some proper recommendations?
08:43 < squ> I think I've read it
08:43 < GodOfSea> squ: you talking to me ?
08:43 < squ> no
08:44 < GodOfSea> ok :)
09:13 < zeldafan78> Well? Help??
09:15 < squ> too much text
09:16 < squ> make it short, or ask in parts
09:38 < Atro> i need a stupid check
09:39 < Atro> in what circumstances does a source mac address change?
09:39 < Atro> src ip and dst ip never change
09:39 < Atro> but i know the mac does
09:39 < detha> when a packet goes through a router?
09:39 < ellyacht> tell me how I can setup a secure network when I'm being spied on for having literature and was just in a live session of tails on my laptop not connected to any sort of internet and yet my systems clock was synchronized
09:40 < Atro> detha: yes but i need more specific than that
09:40 < Atro> is it just switching?
09:41 < detha> if a packet is forwarded by a bridge, src mac stays the same. if it is forwarded by a router, src mac changes to the egress interface of the router
09:42 < Atro> forwarded by a router usually means beyond the l2 domain
09:42 < Atro> obviously
09:42 < Atro> thanks detha
10:03 < IamTrying> https://mxtoolbox.com/blacklists.aspx - I see my domain name is there blacklisted. Is there a way to resolve it?
10:09 < IamTrying> spamsources.fabel.dk dev.null.dk shows my ip is blacklisted. how do you un-blacklist?
10:10 < jacekowski> IamTrying: look for the blacklist owner and removal procedure
10:10 < IamTrying> OK thank you. jacekowski
10:11 < IamTrying> jacekowski: this is a ghost owner, now site showing but like ghost: dev.null.dk
10:11 < IamTrying> This is OK https://www.spamsources.fabel.dk/
10:13 < jacekowski> IamTrying: it's the same black list
10:13 < jacekowski> IamTrying: just different servers hosting it
10:14 < IamTrying> OK - i can request at https://www.spamsources.fabel.dk/ thank you jacekowski
10:14 < jacekowski> IamTrying: so if you get removed from the first one you should disappear from the other one as well
10:14 < IamTrying> OK
10:14 < Maarten> IamTrying, https://www.spamsources.fabel.dk/delist :) - note that this doesn't mean you are off of all blacklists, just that one....
10:16 < IamTrying> How do i get into a blacklist? We send email using Sendgrid or Mandrill always, where our reputation is high for 11 years
10:16 < Maarten> IamTrying, just in case, check here: https://mxtoolbox.com/blacklists.aspx - it checks against a 100 or so lists....
10:16 < IamTrying> https://mxtoolbox.com/blacklists.aspx - here i am blacklisted
10:17 < Maarten> IamTrying, could be something as simple as an infected laptop hiding behind the same IP that your mail flow goes through. (Typically, it's not a good idea to have users internet traffic flow through the same IP as your SMTP server port, if you have multiple statics award one solely to mail)
10:19 < IamTrying> Maarten: My colleague from Greece does mailing of our company. My partner writes email to enterprises about business deal, I do technical support via email all of us we use Sendgrid/Mandrill SMTP to keep reputation high. Recently got blacklisted. So some of our computer might be infected you guess?
10:20 < jacekowski> sending mass mailings will get you on a blacklist sooner or later
10:21 < Maarten> Could be ONE possible cause, yes.... could also be that your partner's emails have been sent out to thousands and reported by too many people as "spam".
10:22 <+xand> IamTrying: or nobody wants your shit
10:22 <+xand> I mean
10:22 <+xand> your "business deal emails"
10:23 < jacekowski> there is plenty of spam trap emails around
10:23 < jacekowski> if you send even one email to one of those, you get blacklisted instantly
10:23 < jacekowski> no questions asked
10:26 < IamTrying> https://paste.ubuntu.com/p/zpXGtJnHXv/ - this is what i am suggesting to my team make sense? jacekowski, Maarten?
10:26 < IamTrying> xand: i agree. but we send only people who agree to receive we have GDPR law here.
10:29 < Maarten> IamTrying, most businesses have some form of anti-spam solution for their email..... there could be something in those "business deal" emails that triggers such an anti-spam solution, and depending on how strict it is configured, it may automatically report all incoming email that IS detected as spam.
10:32 < IamTrying> OK - it must be one of our team members who did not follow my instruction of using Mandrill/SMTP instead of local internet supplier. Making sense thanks Maarten
10:48 < Phil-Work> has anyone ever worked for/with SCC in the UK?
11:31 < regdude> anyone familiar with bridge fake routing table? Maybe someone can explain the actual need for it?
11:31 < regdude> fake_rtable
12:06 <+catphish> why would dig return an ip but host not?
12:06 <+catphish> go home linux, you're drunk: https://paste.ubuntu.com/p/8qBKKx2HGH/
12:06 < detha> broken nsswitch.conf?
12:07 <+catphish> it works now apart from that weird output from host, i guess a cache somewhere
12:08 < Hfuy> Hello.
12:09 < Hfuy> I've set up an auto-forward from a gmail account to a yahoo account, so I can get all my email in one place. Problem is, Yahoo are rejecting it as "Message not accepted for policy reasons," according to an error response I get back at gmail.
12:09 < Hfuy> Presumably they're assuming the auto forward is spam for some reason. Any idea how I could solve this?
12:10 <+catphish> Hfuy: basically you can't :(
12:10 < Hfuy> Pah. What a pain in the cornhole.
12:10 < Hfuy> I wonder if there's a way I can IMAP/POP for similar results.
12:11 < Hfuy> Even be able to send gmail from the yahoo UI.
12:11 <+catphish> email forwarding is permanently broken by things like dmarc, because google are essentially sending an email but pretending it's from someone else
12:11 < Hfuy> Yes I got that impression.
12:11 <+catphish> also, who would choose Yahoo! Mail as their main email account
12:11 < Hfuy> It's rather like the way that FTP is now basically unusable.
12:11 <+catphish> abuse has basically meant email forwarding is no longer viable
12:12 < Hfuy> It's even a pain to set up windows file and print sharing these days, everything's so locked down.
12:12 < Hfuy> Gah, computing was more fun in 1998.
12:12 <+catphish> nah, there was no reddit
12:13 < detha> you say that like it is a bad thing
12:13 <+catphish> it is
12:14 < Hfuy> Apparently I can POP in to gmail.
12:14 < detha> there was usenet. which was the same thing, without the annoying interface and ads
12:15 < Hfuy> But can I POP out of Yahoo...
12:15 < Hfuy> god this is a ridiculous pain
12:22 <+xand> lol yahoo
12:23 < Hfuy> I've been using it since they bought Rocketmail.
12:23 < Hfuy> Yes, that long.
12:23 < Hfuy> In fact I've been using it since before they bought Rocketmail, because I originally signed up to Rocketmail.
12:23 < squ> I couldn't login to gmail without my phone
12:24 < squ> thinking about switching to another service
12:24 <+xand> because of 2fa?
12:24 < squ> (gmail 2-step verification is off, and I never provided it with my phone number, registered when it was beta)
12:24 <+catphish> one of the rubber feet of my keyboard has melted onto my desk :(
12:25 < squ> now I have this situation when I can't sign in with password
12:27 < squ> imagine that
12:27 < squ> can't read your own mail
12:32 < Hfuy> I know what you mean
12:34 < detha> I thought that was yahoo. I had a yahoo email account once, now it won't let me log in any more unless I give it a phone number. No way, and no big loss.
12:35 <+xand> my email is self-hosted
12:35 < squ> xand: I think this is solution
12:35 < Hfuy> I travel quite a bit, so it's nice to have something I can log into from anywhere without going through the whole pop/imap nightmare each time.
12:35 < detha> so is mine. but for use on usenet, yahoo was fine
12:36 < detha> Hfuy: self-host, and set up squirrelmail or so for web access
12:36 < Hfuy> Or just keep using yahoo, which is... fine?
12:36 <+xand> or not
12:36 < Hfuy> there's no way I'm going to go to all that screwing around just to achieve exactly what I have now.
12:36 <+xand> I just IMAP from my phone or thunderbird
12:37 < squ> gandi.net 0.42€ / month for additional mailboxes, 5 by default
12:37 < squ> 50 gb mailbox €2.12 / month
12:37 < Hfuy> the only thing I wish yahoo had that I can't find is the ability to load pop/imap mail from gmail
12:37 < Hfuy> but today is the first time I've ever needed it
12:38 < Hfuy> And I don't really need it. I just have a client who wants people to think I'm their employee.
12:38 < Hfuy> Frankly, fuckem.
13:10 < rhineheart_m> Hello there. Is there a network tool that looks like a cellphone with lan port and wifi capable to check ip address?
13:10 < regdude> is there something that tells the upstream switch not to send traffic to a certain multicast group? Or is it simply IGMP Querier?
13:11 < rhineheart_m> With a diagnostics like ping...
13:11 < regdude> how about an Android with Ethernet adapter?
13:12 < rhineheart_m> I tried searching in the internet...but I only found softwares or apps.
13:12 < rhineheart_m> Oh, yes!
13:12 < rhineheart_m> Or perhaps.. .ethernet adapter for android?
13:12 < regdude> you can use a terminal emulator, that has ping
13:13 < regdude> nmap also seems to exist on Android
13:13 < Hfuy> Is it me or is IP networking basically a cluster!"$% that would never be designed the way it is, if we designed it now?
13:13 < regdude> there was this Kali Linux based Android for Nexus tablets, NetCat... something like that
13:13 < Hfuy> It was never designed to do what it's now being asked to do and as a result it's sort of grown and expanded into a horrifically complicated multilayer mess.
13:14 < regdude> its fine
13:14 < Kryczek> rhineheart_m: check IP address of what?
13:14 < regdude> probably if host is alive
13:14 < rhineheart_m> Yes
13:15 < rhineheart_m> Host is alive.
13:15 < Hfuy> Also - holy crap, there's a 32-inch 8K monitor on its way to me :D
13:15 < rhineheart_m> For field workd
13:15 < rhineheart_m> *works...
13:16 < rhineheart_m> Like checking if you are getting a dhcp lease from a particular lan segment.
13:16 < Kryczek> I was going to suggest a Raspberry Pi but in this case yeah smartphone is probably best
13:16 < rhineheart_m> Bringing a laptop is very hassle and takes time to use.
13:31 < _90> https://imgur.com/a/gqFExjM , what to do ?
13:33 < n3t> Read unread mails.
13:34 < Kryczek> _90: is that root shell really in a HTTP tab?
13:37 < Kryczek> I hope that address is really a host-only interface with a typo and not 172-0-101-1.lightspeed.stlsmo.sbcglobal.net.
13:40 < _90> its running inside docker-machine with container of tomcat and java applications
14:00 < maroloccio> Hi. Which book does this channel recommend on Linux networking, specifically routing, please?
14:02 < The_Shadows> book?
14:04 < djph> tanenbaum is the goto ... but "set up a linux router" is pretty much "two NICs, and enabling 'net.ipv4.ip_forward=1' in /etc/sysctl.conf"
14:05 < Dagger> that will only get you v4 :/
14:05 <+xand> crustyyyyyyy
14:06 < djph> Dagger: ... oops "... netipv4[...] and net.ipv6.conf.all.forwarding=1"
14:06 < djph> xand: #dealwithit :D
14:06 < maroloccio> djph: Tanenbaum's Computer Networks, 5th Edition?
14:07 < djph> think that's the one
14:07 < djph> but, that's the basic goto "networking book" recommended here - and it's not necessarily very specific on any one topic.
14:08 < maroloccio> Sounds good.
14:19 < maroloccio> djph: Thank you. Ordered.
14:44 < WebertRLZ> Hello, i'm looking for some direction on setting up a multi failover IP system
14:45 < WebertRLZ> I guess my best shot is to use keepalived, but I need it to work with 2 floating IP addresses, one on each node so both nodes will receive internet traffic (DNS round-robin)
14:46 < grawity> configure two VRRP instances with different VRIDs and opposite priorities?
14:47 < grawity> like host A has higher priority for instance 1 (address 1), but lower for address 2
14:48 < WebertRLZ> and the opposite on host B, right?
14:48 < grawity> yes
14:50 < WebertRLZ> Thanks grawity I'll try to follow that path :)
15:19 < ouemt> anyone ever played with one of the little TP Link smart switches?
15:20 < MikeSeth> by little do you mean 8 port ones?
15:20 < ouemt> MikeSeth: 5 in this case
15:21 < ouemt> it's a TL-SG105E
15:22 < MikeSeth> that's some unmanaged garbage
15:22 < MikeSeth> wait what
15:22 < ouemt> yeah, but it claims to have a web interface
15:22 < MikeSeth> > ntelligent management via a web user interface and downloadable utility
15:22 < ouemt> yeah
15:22 < MikeSeth> i dont even
15:23 < ouemt> and now you know why I'm here and very confused
15:23 < ouemt> lol
15:23 < MikeSeth> it has VLAN and LAG support it's clearly managed
15:23 < ouemt> it appears to be running a web server, but only serves a blank page
15:24 < ouemt> it won't pull an ip from my dhcp server, I had to hook up a laptop directly and manually set the ip/subnet on the laptop to match
15:24 < MikeSeth> > First of all, check the model of your switch to verify it is web-manageable. Until now, only TP-Link Easy Smart/Unmanaged Pro/Smart/Managed switches are web-manageable.
15:25 < MikeSeth> I always thought tplink was garbage but this really takes the cake
15:26 < ouemt> I'm actually just amused at this point
15:26 < ouemt> I've been using this thing forever as a dumb switch because I needed a few more ports and didn't care (it's at home)
15:27 < ouemt> working on upgrading my home network, updating my diagram and adding model numbers to things, and noticed "Smart" on the front and decided to investigate
15:32 < UncleDrax> Network hardware branding is the same as in many things.. (typical of personal ads for example).. if they have to tell you it's something on the front, it's not that thing at all.
15:32 < UncleDrax> ie: "Smart" switch
15:32 < tbcsj> What about smartphones?
15:32 < UncleDrax> not smart
15:32 < tbcsj> They're pretty smart
15:33 < tbcsj> Or is that the exception that proves the rule
15:33 <+xand> smart means they look nice innit
15:33 < UncleDrax> how are they smart?
15:34 < ouemt> ugghhh... They offer free "management" software for the unmanaged switch, but it's windows only, and I'm a linux guy. Currently trying to figure out how to convince windows that it really does have only the static IP I'm telling it to have
15:35 <+xand> ewww
15:35 < tbcsj> The textbook answer would be: "using a built-in microprocessor for automatic operation, for processing of data, or for achieving greater versatility"
15:35 < regdude> a smart switch is simply a switch that forwards a packet only to the port where a learned MAC address is located at, does not have to be managed or any other mandatory feature
15:36 < tbcsj> But my answer would be: The current prices of smartphones, really smarts
15:36 < tbcsj> lol
15:36 <+xand> regdude: all switches do that.
15:36 < UncleDrax> nah, i'm using Smart as in the definition of 'intelligence/acumen'.
15:36 < tbcsj> I know
15:37 <+xand> that is what distinguishes them from hubs.
15:37 < tbcsj> I'm being obtuse
15:37 < regdude> of course, a switch that does not have mac learning is a hub, but when you start buying devices from unknown brands, you can see not only that
15:37 < UncleDrax> regdude: as xand said, that's the definition of a Switch. a Switch is a switch (an L2 forwarding device) a Hub is a hub (an L1 forwarding device)
15:38 < UncleDrax> in networking terms, 'smart' usually translates into 'manageable'
15:38 < UncleDrax> and usually having featuresets beyond simple bridging
15:39 <+xand> there are some terrible managed ones though yes :(
15:39 < UncleDrax> but really my gripe with 'Smart Switches' is the ones I've encountered usually have some crap-ass WebUI built on top and rename simple things into weird obtuse naming.
15:40 < UncleDrax> like.. make me tick 10 boxes on 4 pages to accomplish the same work as 'switchport mode trunk' or something
15:40 < ouemt> ok, seriously, how do you get windows to not self assign a 169.254.x.x address?
15:40 < UncleDrax> ouemt: give it a real IP.. either statically or DHCP. or disable the NIC.
15:40 < ouemt> I manually set the ip/subnet and when I look at the IPs in powershell it has the one I set and the 169.254
15:40 < UncleDrax> or you want it to default to have no IP if it can't DHCP?
15:41 < ouemt> UncleDrax: I'm trying to set a manual IP on the same subnet as this "smart" switch so I can try and talk to its "management" interface
15:41 < ouemt> their software scans whatever subnet it thinks your computer has (no configuration settings available)
15:41 < UncleDrax> I suppose the 'Smart' in 'SmartSwitch' defers to the definition of 'Smart, noun. mental pain or suffering."
15:42 < ouemt> so I manually set 192.168.0.2/24
15:42 < ouemt> yeah, that
15:42 < ouemt> and that sticks, but windows then assigns a 169.254.x.x on top of it
15:43 < ouemt> so the software is scanning the 169.254.x.x subnet, but not 192.168.0.2/24
15:43 < UncleDrax> ya i got no idea.. fortunately never had to muck about in windows enough to force that.. I've never seen that personally.
15:43 < ouemt> I wish WSL had access to the network settings
15:44 < zotune_> netsh interface portproxy add v4tov4 listenport=80 listenaddress=127.0.0.50 connectport=8091 connectaddress=0.0.0.0 <--- listen address can only be on same subnet. is it possible to make it so that it can be anything?
15:45 < nostrora> Hi, what do you think about ipv6 for LAN ? (home network). this is useless ?
15:46 < Dagger> nostrora: is the LAN connected to the internet?
15:46 < Phil-Work> it's useless without an IPv6 WAN
15:46 <+xand> the current version of IP is not useless
15:46 < nostrora> i have ipv6 wan
15:46 < ouemt> my ISP doesn't support ipv6
15:46 < Phil-Work> nostrora, then it's a worthwhile exercise
15:47 < Dagger> if it's part of the internet then it needs v6, like all the other parts of the internet do
15:47 < Phil-Work> but you'll still need to dual stack
15:47 < compdoc> I just got ipv6 working perfectly for the first time
15:47 < nostrora> i mean, all my computer need an ipv6 address ? or only my router
15:47 < Phil-Work> nostrora, all your computers
15:47 < Dagger> all your computers
15:48 < nostrora> Alright, thanks all :)
15:48 < Phil-Work> with IPv6, each device (usually) has a public IP address
15:48 < nostrora> Phil-Work: like before ? without NAT ?
15:48 < Phil-Work> right, no NAT
15:48 < nostrora> it isn't stupid ? :o
15:48 < nostrora> even if there's a lot of ipv6...
15:49 < Dagger> why would it be stupid?
15:49 < Phil-Work> not at the moment
15:49 < Phil-Work> but they said that with IPv4
15:49 < Dagger> using NAT when you don't need to would be the stupid thing
15:49 < nostrora> because we repeat the same pattern of the time with ipv4 and we found ourselves out of address (so creation of NAT)
15:49 < nostrora> ok :)
15:49 < compdoc> exposing your network is stupid
15:50 < Dagger> if you think we're going to run out of v6 in the way we ran out of v4, then you haven't quite gotten your head around how big 2^128 is
15:50 < Dagger> it's not like it's 4x bigger than 2^32. it's rather a lot bigger than that
15:51 < Phil-Work> it does often feel like mistakes with ipv4 allocation weren't learned from
15:51 < nostrora> when ipv4 was created, we never thought we'd get past it.
15:51 < Dagger> they were
15:51 < Phil-Work> appreciate there's a lot of addresses, but they are massively over allocated
15:51 < Dagger> you don't see anybody getting 1/256th of the total v6 space, do you?
15:52 < Phil-Work> right
15:52 < Phil-Work> RIPE gave us a /29 without any justification
15:52 < nostrora> with virtualization of interfaces, micro-services etc.
15:52 < Phil-Work> barely need more than a couple of /48
15:52 < weq> 2^32 = 4,294,967,296 vs 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
15:52 < Dagger> compdoc: yes... but you don't need NAT to avoid that. a firewall does the job
15:52 < UncleDrax> Dagger: nah I think we will exhaust v6. will it be in MY lifetime? prob not. but it's a finite resource and should buy us decades of time to figure out a work around.
15:52 < nostrora> Anyway.. :p thank
15:52 < Dagger> compdoc: in fact you need the firewall even with NAT anyway, so NAT doesn't help on that front
15:53 < Dagger> Phil-Work: and now RIPE won't need to give you any more space for ages
15:53 < compdoc> Dagger, my problem is I understand how nat helps, but dont know everything about ipv6
15:53 < Phil-Work> I hope ages means ever
15:54 < nostrora> ok
15:54 < Phil-Work> I'll be surprised if we could use half a million /48s
15:55 < UncleDrax> I'm sure network admins in the 70s thought the same thing
15:55 < Phil-Work> UncleDrax, this is my point
15:55 < Dagger> compdoc: NAT doesn't really help though. any inbound connections which were possible before you started NATing your outbound connections will still be possible after you start NATing your outbound connections
15:55 < nostrora> exactly... and this is exactly what i mean before
15:56 < Phil-Work> it's like nobody learned the lessons
15:56 < Dagger> if you want to block all inbound connections, you need to use a firewall
15:56 < Dagger> we *did* learn the lessons
15:56 < UncleDrax> but ya.. IPv6 adoption will make people learn to use Firewalls more correctly ;]
15:56 < Dagger> in v4, we allocated /8s to companies. we're not allocating /8s in v6
15:56 < nostrora> UncleDrax: like what ?
15:57 < UncleDrax> ?
15:57 < nostrora> UncleDrax: use firewalls more correctly ?
15:57 < UncleDrax> yes
15:58 < nostrora> UncleDrax: i'm using opnsense
15:58 < UncleDrax> nah I just mean people will have to think about Firewalls to obscure their LAN-segments.. vs 'trusting' NAT to do that
15:59 < UncleDrax> which requires a bit more thought
15:59 < Dagger> talking in v4-equivalent terms, the standard ISP allocation in v6 is equivalent to 1 v4 IP. the standard end customer allocation is like one *port* of an IP address
16:00 < Dagger> ISPs can expand up to 8 IPs without much justification, and can go up to about 1024 IPs if they're big (maybe 8192 or so for the truly huge ISPs)
16:01 < Dagger> those allocations are nowhere similar in size to the ones we do in v4 currently
16:02 < Dagger> plus there's a backup plan (five unused /3s) even if we did somehow allocate the whole of the first /3
16:02 < Phil-Work> the problem with v4 allocation was that nobody expected there to be so many devices online
16:02 < Phil-Work> the number of devices we have online now is, I'm sure, tiny as compared to what will be online in 20 or 50 years time
16:03 < nostrora> Phil-Work: +1
16:03 < Dagger> yeah, note that the allocations I was talking about cover *huge* networks each
16:03 < UncleDrax> you really can't think of space usage the same in v4 & v6.. tbh it was hard for me to stop going 'but.. but.. wasted space!' in v6. you allocate by what is sane organizationally. Mom & Pop with 2 computers orders v6 service? they get a /48. Large local govt org orders v6? they get a /48.
16:04 < Phil-Work> I'd not be surprised if every electrical device in your house, every streetlamp across the world, even every wristwatch will have an IP
16:04 < Dagger> you could increase the number of active devices on every single network by a factor of a trillion and you wouldn't need to give anybody bigger allocations at all
16:04 < UncleDrax> i'm sad you limit it to every electrical device.
16:05 < UncleDrax> pretty sure people will at some point include little battery powered ipv6-capable tracking things.. like NFC-type things sooner or later
16:06 < UncleDrax> heck it wasn't that long ago a 2-device Point-to-Point in v6 was recommended to use a full /64 iirc
16:07 < UncleDrax> (thank fsck that went away)
16:07 < Dagger> v6 allocations are based on number of networks, not number of devices, so they scale better with increased numbers of devices
16:07 < Dagger> tl;dr no we're not going to run out of v6 in 50 years, for multiple reasons
16:07 < UncleDrax> ya it's not a thing anyone should be worried about now.. except maybe some IEEE types
16:07 < Phil-Work> I guess that depends what a network is, in 50 years time
16:08 < Phil-Work> I would anticipate there being vastly more smaller networks vs the few large ones that exist now
16:09 < UncleDrax> I would say I eagerly await a highly-fractured IPv6 routing table.. but I won't be working in this field by then so 'not my problem' :]
16:10 < ouemt> this is what I get for trying to teach myself a little more about networking... lol
16:11 < UncleDrax> don't do it! go do something real with your hands. be a baker. feed people. make them happy.
16:11 < ouemt> UncleDrax: I'm a scientist, so it's far too late for that
16:11 < UncleDrax> it's too late for many of us. save yourself
16:12 < bezaban> baking is part chemistry
16:12 < UncleDrax> "part"? pretty sure it's all
16:12 < UncleDrax> it's just practical
16:13 < Phil-Work> UncleDrax, you mean a large IPv6 DFZ?
16:14 < Phil-Work> I don't see that happening unless someone finds something better/more secure than BGP
16:14 < Phil-Work> it's a pain in the arse as it is, with only (relatively) few ASs
16:14 < UncleDrax> nah.. never underestimate the power of the 2 greatest words in the English language. 'De' and 'Fault'. (since it's what we're doing in v4 and it already work in v6)
16:15 < Phil-Work> you lost me
16:15 < UncleDrax> i'm just sorta rambling.. haven't had breakfast yet. soz
16:15 < Phil-Work> lol
16:17 < UncleDrax> I'm also a little confused about the way I'm doing a thing for work that was essentially delegated to me. but the guy that was working on it is out today
16:18 < UncleDrax> 'need more 10G in rack.. I was going to use this switch'.. (that has only 4x 10G ports... when I got some higher density 10G things in the closet)
16:21 < UncleDrax> ok mystery solved. needed MM.. blech
16:24 < iateadonut> i have a site hosted on an aws ec2 instance and i do an 'ab' test on it from the server itself, and that comes back with GREATER times than when i do an 'ab' test from another server. what could cause that?
16:25 < Aeso> iateadonut, CPU load, probably
16:26 < fryguy> iateadonut: what is different with server metrics in each case (cpu/memory/disk)
16:44 < Barones> Hi, what would be signaling in the physical layer? I think I'm misunderstanding coding and signaling
16:45 < tbcsj> Barones: NRZ, Manchester
16:45 < tbcsj> etc
16:45 < tbcsj> Coding is how the data is sent across the wire
16:45 < tbcsj> Signalling is "setup" or non-data data
16:46 < tbcsj> If that makes sense
16:46 < tbcsj> >Barones: NRZ, Manchester - sorry that's coding
16:48 < tbcsj> An example of signalling could be start/stop bits
16:48 < tbcsj> e.g. serial TTY can use stop bits
16:48 < ||cw> a simple signaling example would be the RTS and CTS lines on rs232
16:49 < ||cw> wouldn't stop bits be part of the coding?
16:49 < tbcsj> Yeah that's true
16:49 < Barones> hmm, signaling is the indication precedent an event
16:50 < Barones> is not related to convert digital data to digital signal or anything like that
16:57 < Barones> thanks, I think thats it, I was assuming signaling was coding
17:11 < LunaLovegood> How do I set a qdisc to run after another qdisc on the same interface? I want packets to pass through Codel first, and then TBF for rate limiting.
17:12 < LunaLovegood> Because if I use Codel alone, it will only see the GbE interface and not the 50mbps upload limit on my modem.
17:12 < screwsss> hey
17:13 < screwsss> hows everyone
17:13 < screwsss> i was wondering, can i call up my ISP and ask them to give me a new external IP address?
17:13 < LunaLovegood> Or if there's another way to rate limit Codel that would work too.
17:14 < compdoc> screwsss, not likely, but try it. how about just turning off their modem a day or so?
17:27 < djph> why do you want a different IP?
17:44 < mcdnl> screwsss: your ip is dynamic. reboot your router and you will probably get a new one
17:44 < mcdnl> or as you've been told, shut it down for some time to let the lease expire and try again later
17:44 < ouemt> ok, I'm just confused now... I can ping the switch, see that it's running a webserver, but it won't give me a login page and their utility won't find it
17:45 < djph> ouemt: what switch?
17:45 < ouemt> djph: shitty little tplink TL-SG105E
17:46 < djph> set it on fire and throw it out the window :)
17:46 < ouemt> lol
17:46 < ouemt> it was windows firewall
17:46 < djph> not that that invalidates my solution.
17:47 < ouemt> this entire experience has reaffirmed my feelings that "windows is only for gaming"
17:47 <+xand> ouemt: correct.
17:47 <+xand> and only for those games that people haven't compiled for linux :(
17:47 < superkuh> ouemt, ah, yes, those things.
17:47 < superkuh> You gotta send it some stupid udp stuff using their java program.
17:48 < superkuh> They intentionally borked and obfuscated the webserver.
17:48 < ouemt> yeah
17:48 < ouemt> also: why in the world would dhcp client be disabled by default?
17:48 < ouemt> I've had this thing for about a year and just noticed the word "smart" on the front of it and decided to investigate
17:48 < UncleDrax> signaling at Layer1 would be like Ethernet's Preamble or the Start Frame Delimiter signal
17:48 < UncleDrax> but i guess that convo closed
17:49 < superkuh> http://tplinuxer.blogspot.com/ http://www.file-upload.net/download-10844883/Easy-Smart-Configuration-Utility.tar.gz.html https://www.shredzone.de/cilla/page/383/setting-up-tp-link-tl-sg108e-with-linux.html
17:49 < ouemt> at a minimum I need to change the default password
17:49 < djph> UncleDrax: um, I think that's still L2
17:49 < ouemt> superkuh: yeah, I'm hooked up to it now
17:49 < superkuh> Yep, that's why ... ah okay.
17:49 < ouemt> I had all the pieces but didn't think to check windows firewall
17:50 < superkuh> I basically just set the default pass on my TL-SG108E then left it for dead. The VLAN support it "has" doesn't even block users from sending ARP from vlan to vlan.
17:51 < mcdnl> xand: right now opengl cant beat d3d and vulkan it's not that common
17:52 < ouemt> superkuh: lol
17:52 < ouemt> the point of this is to figure out what I should buy to replace some of this with
17:52 < mcdnl> what
17:52 < ouemt> I'm transition from pure consumer hardware to prosumer/enterprise slowly
17:52 < mcdnl> superkuh: explain "send arp from vlan to vlan"
17:54 < superkuh> I mean someone going through one VLAN with these things can send ARP packets to do poisoning attacks on clients on another VLAN.
17:54 < skyroveRR> Hiya superkuh
17:54 < mcdnl> they're different broadcast domains
17:54 < mcdnl> that makes no sense
17:54 < superkuh> TP-Link "We just don't make sense."
17:55 < skyroveRR> superkuh: so, does your "say" function in your web page invoke a CGI script of some sort?
17:56 < skyroveRR> superkuh: I like your "say" function, would like to know how you've implemented it.
17:56 < superkuh> I wrote a perl script to handle it. It is not a cgi script.
17:56 < skyroveRR> Oh
17:56 < skyroveRR> Can it be done in CGI?
17:56 < superkuh> I'd prefer not to.
17:56 < skyroveRR> Mkay.
17:57 < superkuh> I just have the perl script using POE::Wheel as an event handler for tailing the logs which I parse for comments.
17:58 < superkuh> The perl script then generates and edits the required html in the proper place.
17:58 < skyroveRR> Any "simpler" way, if at all?
17:58 < superkuh> This is the simplest way.
17:58 < skyroveRR> I hate perl.
17:58 < superkuh> CGI is bloat.
17:58 < superkuh> Perl is life.
17:58 < skyroveRR> Wanna recommend a "noob" guide to perl?
17:58 < superkuh> Modern Perl by Chromatic.
17:59 < skyroveRR> PDF or hardcover?
17:59 < superkuh> Yes.
17:59 < skyroveRR> Well?
17:59 < UncleDrax> I still end up looking at my Llama book
18:00 < superkuh> Yeah, I have a real old copy of "Learning Perl".
18:00 < superkuh> My llama book hasn't been cracked in ages though.
18:01 < superkuh> It (Learning Perl) and Modern Perl (by Chromatic) would be a good start.
18:01 < UncleDrax> ya. i go long stints without having to do any real perl, then something breaks and I gotta remember how to do perl-style hashes and stuff again.. so it comes in handy
18:01 < ouemt> oh my god... symantec's firewall is blocking traffic and not logging it
18:01 < UncleDrax> but that said, have you already looked at: https://learn.perl.org/ ?
18:02 < skyroveRR> Well I'm trying to figure out what's best first: perl or python?
18:02 < superkuh> I don't think anyone will tell you perl these days.
18:02 < UncleDrax> if you don't know either as of today, I'd probably recommend Python.
18:02 < mcdnl> same here
18:03 < skyroveRR> Should the python site's tutorials suffice?
18:03 < tda> python, just because it's python and everyone should know a little bit of it
18:03 < UncleDrax> it's the newer hotness and there's wide support for it. most ppl think Perl is archaic. I think those people are silly, but they want their Whitespace to mean something.. so whatever. it's just a tool - why do I care what color plasti-dip the handle has?
18:04 < superkuh> It would not be hard to implement the comment system I use in python. Just watch the logs for new lines, check for a @say or whatever, pull out the path and text, run the text through a sanitizer that only allows chars matching a safe set, then generate the html at path.
18:04 < tda> the whitespacing is what i don't like about python, but at least it's not as insane as yaml
18:07 < E1ephant> fk yaml
18:07 < UncleDrax> my only 2 gripes about Python (I haven't done that much in it), is the whitespace thing (i like my semicolons tyvm!), and that it seems ppl don't want to migrate/port to py3 still (so sometimes you have to adapt scripts from 2.x -> 3.x ). All said and done those are very minor and don't stop me from the couple times I need to use it
18:09 * superkuh daydreams about a world where Perl 6 never stumbled into existence and perl dominance continued throughout the 2000s.
18:09 < E1ephant> gross
18:09 * E1ephant pukes uncontrollably
18:10 < superkuh> And yet here we are with something even worse: JS/ES.
18:10 < E1ephant> a good carpenter doesn't blame their tools
18:11 < ouemt> I cannot for the life of me figure out what this device on my network is. I'm just going to block all traffic to and from it and see what breaks
18:12 < UncleDrax> in the modern age, most people don't care about good carpentry.. they just want a house up and some IKEA cabinets bolted in. They will move on to a new house in 3-5 years anyway so why do they care if it's of good quality?
18:12 < UncleDrax> ouemt: 'turn it off and see who complains' is sometimes what is required.
18:13 < E1ephant> https://news.ycombinator.com/item?id=2380679
18:13 < UncleDrax> ahhh. valid. i fell into that trap.
18:14 < UncleDrax> but my point about disposable code is still valid in many cases
18:14 < E1ephant> I think it's the same thing with OSes
18:15 < E1ephant> if you have a favorite, you're probably doing it wrong :)
18:15 < E1ephant> know them all, know when to use which L:)
18:15 < UncleDrax> or lack experience.. or simply don't care.
18:16 < UncleDrax> I won't spend time telling a grandmother they must try every major OS so they can pick one that works.. they just want to see baby pictures on FriendFace.
18:16 < E1ephant> yeah grandma should outsource her IT work
18:16 < E1ephant> like most people
18:17 < UncleDrax> genius. think I could make money promising to look at baby pictures for people that are too busy to do it themselves? ;]
18:17 < UncleDrax> that might be my retirement gig
18:17 < E1ephant> idk end user work sounds horrid
18:17 < UncleDrax> pft.. i'd automate that
18:18 < drathir> UncleDrax: isnt their school for seniors which learn pc usage ?
18:18 < UncleDrax> anyway. i gotta rack & stack
18:18 < UncleDrax> probably
18:18 < UncleDrax> hf
18:18 < E1ephant> apple seems to have done pretty well in the arena
18:19 < drathir> UncleDrax: also throw linux at least would possible remote fix things ;p
18:19 < drathir> or just android device if not whole pc ;p
19:52 < UncleDrax> well.. i was gonna rack & stack some HW.. but that delightful H2S smell has returned and no way I'm working in there while they work on that stuff
19:54 < devilspgd> Hopefully not too off-topic, but does anyone know of a program that will accept inbound SMTP mail and write to disk without modifying the content? Adding a single Received header could be useful, but I want to avoid modifying any other headers.
19:57 < UncleDrax> did you want to process the message, or just write it to disk?
19:58 < devilspgd> Just write it to disk.
19:59 < UncleDrax> Google spit back out a search result for a 147line python script. I cannot vouch for it, but use at your own risk: https://gist.github.com/maid450/1887132
20:04 < devilspgd> We (A colleague, I think) looked at that one a couple months ago and had some issue with it although he can't recall what the problem was... Naturally the project fell on the back burner and now a couple months later it's my problem.
20:04 < devilspgd> Might look at it again though.
20:05 < UncleDrax> well really you're just accepting a TCP session, complying to some protocol stuff, and taking anything the client sends you and write it to disk.
20:06 < devilspgd> Yeah. It's the complying-to-some-protocol-stuff that can be complicated for a service that is open to the internet. Port 25 gets a lot of scans and other garbage thrown at it.
20:08 < devilspgd> Oh hmm, talking internally, we might need STARTTLS. EU GDPR fallout or something.
20:09 < qman__> socat
20:09 < qman__> It does TLS and can do whatever you want with the payload
20:10 < qman__> Not sure if it has native smtp support but you can emulate the smtp responses in a script and have socat just hand it off
20:10 < devilspgd> qman__: Interesting idea. Looks like there's some SMTP configurations already written too.
20:11 < devilspgd> Yeah. Looks promising, thanks. Hadn't thought of that.
20:11 < devilspgd> I need to read up on dotstuffing and figure out if we need to handle that, but otherwise it might be workable.
20:12 < qman__> I've got a couple http servers that are actually socat and a shell script
20:13 < devilspgd> Appreciated UncleDrax and qman__... I'll figure out just how much we "need" STARTTLS (maybe we can shunt everything over :465 or a VPN) and probably get one or the other working.
20:13 < Sout> so random lurking / bored at work on python3 is the new an improved package http://aiosmtpd.readthedocs.io/ and it supports starttls
20:13 < qman__> Probably not the best solution, but it works and i didn't have to spend time learning a new language
20:14 < devilspgd> qman__: Sometimes "it works" is Good Enough. :)
20:16 < UncleDrax> and if you're honey-potting or something (which seems to be what you're doing) often you don't need too fancy
20:16 < devilspgd> Sout: Thanks. Added to the list to investigate.
20:19 < devilspgd> We're trying to debug an intermittent problem with a third party sender, the idea being we add ourselves to their outbound list. They're doing a few things wrong, at least one of which our regular SMTP server was simply fixing while others were (arguably correctly) rejecting.
20:19 < UncleDrax> ahh gotcha
20:21 < devilspgd> This came back up the priority list because longer term, data retention policies suggest we should retain copies of outbound content (and GDPR says we shouldn't retain it too long), this vendor offers a "Store everything forever" or "Don't keep records" and that's it. So maybe we'll end up re-using this same tool, or maybe we'll just have them send to a local mailbox and we'll archive it from there.
20:21 < devilspgd> Depends how well this project works out.
20:24 < devilspgd> The vendor likely doesn't know what a RFC is and just reverse engineered the SMTP protocol and message format (poorly). Sadly we're stuck with them and really they're "okay" except for their email sending capabilities.
20:24 < devilspgd> But right now I really just want to see exactly what they're sending out, byte for byte, archiving and managing the data is a pipe dream for later.
20:27 < UncleDrax> ya... I'm sure the whole 'using a vendor that doesn't know what an RFC is' thing doesn't escape you and the boat with the 'use a different vendor' option has sailed
20:30 < fly_agaric> hello i cant complete phase 1 vpn after i changed phase 1 lifetime and encryption
20:31 <+catphish_> if you do smtp wrong you get your mail rejected, if your smtp vendor does smtp wrong you gotta hassle them to fix it
20:31 <+catphish_> :(
20:31 <+catphish_> devilspgd: was there a specific problem, i didn't read the backlog
20:33 <+catphish_> devilspgd: oh, you want to capture an smtp message, have you considered just using a packet capture?
20:37 < devilspgd> UncleDrax: Use a different vendor would be great but we're stuck as email is a minor thing that they do and the rest of the capabilities meet the business needs.
20:37 < fly_agaric> i compared Encryption Algorithm, Key Length, Hash Algorithm, Authentication Method, Life Type and Life Duration and all parameters were equal on both sides. the only different parameter in ikev1 phase 1 is Group Description
20:37 < devilspgd> They're receptive to fixing things, but we need to point them out using very short sentences.
20:38 <+catphish_> devilspgd: makes sense, can you send an email to an external address? if so it would be easy to do it that way, else maybe use a packet capture
20:38 < devilspgd> catphish_: Thought about it, but that's hard since we need to decrypt, and nothing actually passes through our network to begin with, they're cloud hosting and we don't host our own email.
20:38 <+catphish_> smtp isn't encrypted, that's what makes it easy :)
20:39 <+catphish_> i suppose it might be using opportunistic encryption, that would make it a bit harder
20:39 < devilspgd> STARTTLS adds encryption and we're not supposed to disable it, legal's position is that if encryption is possible it must be enabled. Not to say that there isn't room for forgetting that for troubleshooting purposes or something, but it's all less than ideal.
20:40 <+catphish_> i'm confused
20:40 <+catphish_> aren't we talking about outbound mail here?
20:40 <+catphish_> but yes, outbound mail may use starttls for opportunistic encryption
20:41 < devilspgd> The vendor sends email, it goes to various recipients (local via our hosted email vendor and directly to customers). Sometimes it gets rejected, and they only log the 4xx or 5xx error code (no text, none of the extended error messages, etc)
20:42 <+catphish_> well the quickest solution i can think of is you could send a test email to me, and i can tell you
20:42 < devilspgd> But it isn't outbound through our network, so ultimately my goal is just to send copies to us (they'll BCC or just add a test address as a recipient) and to see the raw message without a helpful receiving server fixing/modifying headers.
20:43 <+catphish_> there are probably plenty of mail servers that will receive and save your email, but i only know about my own, which isn't trivial to install for a quick test like this
20:43 < devilspgd> Long term it might be nice to archive all of their outbound traffic properly as their existing record keeping isn't GDPR compliant anyway, so this might be a two-birds one-stone solution, but that's a longer term problem and I don't care as much about archiving.
20:44 < devilspgd> But our archiving solution can grab the raw email dumps and ingest them automatically too and it already supports our GDPR compliant retention and deletion schemes.
20:44 <+catphish_> the most gdpr compliant option is don't keep anything :)
20:46 < devilspgd> Yeah that's usually our approach. But it is useful for customer service to be able to see what we sent, when, and to forward copies on demand. They can do this with most of our systems, anything at all that passes through our own mail sending infrastructure, so it does make sense to add external senders to this same pool.
20:46 < devilspgd> I'm all about collecting and keeping as little as can be justified though.
20:47 < devilspgd> I'd love to get EU citizenship just so that the GDPR would cover me personally :)
20:47 <+catphish_> i wasn't aware citizenship had any relenance
20:47 <+catphish_> *relevance
20:47 < devilspgd> It does.
20:48 < devilspgd> I'm in Canada, the GDPR doesn't cover me dealing with a US company.
20:48 < ||cw> isn't residency, not citizenship?
20:48 < devilspgd> But as I understand it if I were a EU citizen (or resided in EU somewhere) then my interactions would be covered.
20:49 <+catphish_> devilspgd: that seems wrong to me
20:49 <+catphish_> i'd expect it to apply to anyone who is physically inside the EU
20:49 < devilspgd> My loose understanding is that it covers all EU citizens and EU residents. But I could be wrong about the citizenship coverage (definitely it covers all cases where the person OR vendor is in the EU)
20:50 <+catphish_> that's correct
20:50 <+catphish_> although of course it's nonsense to enforce where the data processor is not in the EU IMO
20:50 < devilspgd> I'm definitely not an expert on the legal edgecases, but we're not really stressing about it, we expect to be GDPR compliant for all customers.
20:51 <+catphish_> well it makes sense to be compliant, and ultimately it's not that complicated, just just need to know exactly what data you hold, and why, and be able to retrieve / delete it
20:52 < devilspgd> catphish_: Exactly. It's mostly the "Delete it" that gets complicated.
20:52 <+catphish_> yep, that's where we had the most hassle
20:52 < devilspgd> But it's a good excuse to move a lot of legacy crud forward.
20:52 <+catphish_> because we tend to scatter user data across so many systems
20:52 < devilspgd> But we have no way to delete a customer record that has invoices attached, this orphans the invoices in a way that causes big issues.
20:53 < devilspgd> It'll all get solved. Eventually.
20:53 <+catphish_> yeah we had to fix things like that
20:53 <+catphish_> our invoices can now be orphaned :)
20:53 <+catphish_> so, back on the topic, you want to get a copy of a raw email sent by your system?
20:53 < devilspgd> That may not be enough though, our invoices contain customer names, addresses, etc (plus the link to the customer), so the data is still there.
20:53 < ||cw> devilspgd: you can keep the customer record, you just have the delete the identifiable data and replace it with a generic ID
20:54 <+catphish_> devilspgd: if it's on an invoice, you keep it, that's easy
20:54 <+catphish_> you don't delete data from invoices, that would be mad
20:54 < devilspgd> ||cw: Sure. But if the invoice includes a PDF and the PDF contains a customer's name, then we are retaining customer data.
20:54 <+catphish_> devilspgd: yeah you can do that
20:54 <+catphish_> and in fact you should, your country very likely has a legal obligation for you to retain invoices for a period of time
20:55 < devilspgd> We can only justify keeping invoices for a certain period of time (however long tax law requires), so eventually we will need to deal with deleting old invoices too.
20:55 < ||cw> ah, right, and there's where laws collide, but cause you have to keep that pdf
20:55 <+catphish_> the laws don't collide at all, GDPR is very clear that it's perfectly fine to retain that kind of data
20:55 < ||cw> will be fun to see GDPR actually challenged in court
20:55 < devilspgd> ||cw: No real conflict, as long as we have a business need to retain records, we can. Only once there is no longer a need do we need to be prepared to honour a deletion request. Plus it's a good excuse to delete old stuff that isn't really *needed* anymore.
20:56 <+catphish_> for as long as it's legally required, or you have a legitimate interest in doing so
20:56 <+catphish_> devilspgd: actually more than that, i believe you are required to delete data when you no longer need it, even without any request being made
20:57 <+catphish_> since your legal basis for retaining the data no longer applies
20:57 < devilspgd> catphish_: At some point, yes. But at least for now, we have a legitimate need to keep all customer records as future customers are eligible for discounts based on past history... Forever.
20:58 <+catphish_> devilspgd: seems like it's probably fine, so you just need to delete it on demand after the legal obligation to keep them expires
20:58 < devilspgd> Legal says it's probably maybe good enough to put off dealing with that problem for a little while longer.
20:58 <+catphish_> seems like you know what you're doing anyway :)
20:58 <+catphish_> more than most people i talk to about GDPR :)
20:58 < devilspgd> But we're definitely working toward ditching a lot of old data as soon as we possibly can without breaking all the things.
20:58 <+catphish_> we went through all this, threw away a lot of data we no longer needed, it was great really
20:59 <+catphish_> again, back on topic
20:59 <+catphish_> do you still need to get the content of this problematic email?
20:59 < devilspgd> It's just such a mess, customer data can be anywhere. Who knows who printed something they were working on, tucked it in a filing cabinet, quit, and the new employee at that desk has never even looked in their cabinet?
20:59 < devilspgd> catphish_: Maybe. I've got a couple things on the list of things to try now.
21:00 <+catphish_> ok :)
21:01 < devilspgd> A couple python scripts that have promise. Well one does since it supports STARTTLS. And socat, which is awesome but makes my brain hurt having to implement SMTP in general (not that we need to, we need just enough to work with this one system, but then I'm complaining about them only engineering "just enough to work" too, so...)
21:01 < devilspgd> But yeah, one of the two at least should be sufficient to solve the immediate "What is wrong with their email" problem :)
21:02 <+catphish_> devilspgd: you don't need STARTTLS
21:02 <+catphish_> devilspgd: if you are sending email out to customers, they may or may not support STARTTLS, so there's really no reason your test script should
21:04 <+catphish_> obviously, you benefit from (not very secure) encryption where the recipient does support it, but your mail server will happily send the email anyway if it doesn't
21:04 < devilspgd> One of those edicts from legal: Encryption must be enabled when available and optional encryption must not be disabled. I might be erring on the side of being overly cautious, but opportunistic email encryption is literally one of the examples of things that cannot be disabled.
21:05 < devilspgd> Either way, I have a couple options that do support it, so I'll start there.
21:05 <+catphish_> devilspgd: i think perhaps you misunderstand... it's enabled on the sender, but if it's not supported on the recipient server it won't be used
21:05 < javi404> Anyone have uverse?
21:06 < javi404> is it like fios, can you use your own router directly connected to ONT?
21:06 <+catphish_> so if you don't support it on your test server, it simply won't be used, it's no different from sending to random customers' email servers
21:06 < devilspgd> No I totally understand that part. But if the sender and recipient both support it, then the data would have been encrypted in transit, so I can't go sending a plain-text copy across different networks just for me.
21:07 <+catphish_> devilspgd: sure, but i assume your test email won't contain anything secret
21:08 < devilspgd> I'm not confident we'll reproduce it with a test. I'm hoping so, but the delivery issues are intermittent and we don't get full SMTP errors back because why would a tool sending email log those?
21:08 <+catphish_> lol
21:09 < devilspgd> But we're moderately confident the emails are not being constructed properly and are rejected for those grounds based on the SMTP error numbers we do get.
21:09 <+catphish_> well you probably send unencrypted emails to customers, but that doesn't help
21:10 <+catphish_> so yeah, hopefully you can set up a test server and test properly, having to put tls on it seems mad, but hopefully you can do it
21:10 < devilspgd> So if we can't find any problems with test, we're going to just BCC the raw content to us and wait until an error happens, then work with the raw message body ourselves. Best of all we can test re-delivering at that point. (Different sender IP and such, but oh well).
21:11 < devilspgd> This vendor is "interesting", but actually decent to work with in the sense that if we find and explain a problem AND exactly what they need to fix, they do it promptly.
21:15 < longxia> devilspgd: is using postfix with smtpd_tls_loglevel=4 an option? See http://www.postfix.org/postconf.5.html
22:49 < ice9> Is there a way to give higher priority to Whatsapp calls through QoS in ADSL router?
22:58 < ||cw> ice9: if the router has QoS features you can configure, sure
23:00 < ice9> ||cw, how can i define specific traffic such as Whatsapp?
23:00 < ||cw> by port or destination ip address
23:00 < ||cw> same as anything else
23:01 < ice9> i don't have such choices but things like AF1x AF2x ,etc..
23:02 < ice9> BE best effor forwarding / EF expedite forwarding
23:02 < ice9> effort*
23:02 < ||cw> that's just the priority
23:03 < ice9> yes that's all what i can configure for Qos, i can only specify percentage for each priority
23:03 < ice9> so what do you suggest?
23:05 < ||cw> there should be somewhere else to set some traffic or port to one of those priorities
23:06 < ||cw> I'd suggest reading the owners manual
23:07 < ice9> it's an old router without much options so i can't do that
23:08 < ice9> ohh i found traffic mapping!
23:08 < UncleDrax> are you sure? many many many manuals get archived online. some even officially and on the vendors website
23:08 < ice9> i can define rules
23:14 < jana> Hi, I was wondering if someone would be kind enough to help me debug a networking issue I have. I purchased a pair of DIRECTV DECA Ethernet to Coax adapters in order to gain full duplex 100Mb/s Ethernet to a HTPC I have which to playback full Blu-ray (48 Mbit/s) backups I have on a server, unfortunately I am unable to stream without frames dropping and buffering.
23:14 < jana> I ran a iperf test from a laptop (server mode) - it returned 94.1 Mbits/sec
23:14 < Apachez> try iperf
23:14 < Apachez> verify phy settings
23:14 < fly_agaric> do I need to delete phase 1 and 2 SAs if I make configuration changes in phase 1?
23:14 < Apachez> if 100Mbps then try to set static 100/F at both ends
23:14 < fly_agaric> its a site to site vpn
23:15 < fly_agaric> vpn phase 1 is not working and i only have control of my firewall
23:16 < UncleDrax> Apachez: ....
23:16 < Apachez> then remove the sa's and let it reneg?
23:16 < UncleDrax> jana: possible it's a issue with the encoding/decoding.. have you tried it back-to-back or something to eliminate that? if you're getting 94Mbit via iPerf, then you know the DECA stuff is working right
23:17 < UncleDrax> or it should be
23:17 < fly_agaric> Apachez: okay so i need to remove the sa on both sides right?
23:17 < Apachez> one end should be enough
23:17 < Apachez> to start reneg
23:18 < fly_agaric> okay then i dont understand why i cannot enter phase 2
23:18 < jana> Apachez>: What is "static 100/F", apologies, somewhat of a layman when it comes to networking
23:18 < fly_agaric> all parameters in my vpn debug are equal like Encryption Algorithm, Key Length, Hash Algorithm, Authentication Method, Life Type,Group Description and Life Duration
23:19 < jana> : It's not an encoder/decoder issue as if I playback from the gig Ethernet they stream just fine
23:19 <+pppingme> jana most likely means 100mb/s at full duplex
23:21 < ||cw> jana: is the stream TCP or UDP? did you perf test in UDP too?
23:21 < UncleDrax> is deca half?
23:22 < jana> : Oh yes, of course, I agree that's what Apachez meant
23:22 < UncleDrax> guess maybe it has to be since it's a coax plant..
23:22 < jana> This is the product - https://www.amazon.com/PACK-Broadband-Ethernet-Generation-Supplies/dp/B01AYMGPIO
23:23 < jana> This unit can be used to run Ethernet over existing coax cable. The DECA network is a shared 200Mb/s, or the same speed as full duplex 100Mb/s Ethernet.
23:23 < Apachez> use iperf to verify performance
23:23 < Apachez> could also be that your coax only does half duplex
23:24 < Apachez> so you need to configure it into 100/H
23:24 < jana> <||cw>: It uses a Samba/CIFS share - so I think it uses a mix of TCP and UDP, the iperf test I ran was only TCP
23:25 < Apachez> well there ya go
23:25 < Apachez> sambo/cifs is usually shitty when it comes to performance
23:25 < Apachez> all sort of trouble to configure it properly
23:25 < Apachez> cant you use http or such instead?
23:25 < Apachez> since your mediabox will mostly download movies and not upload them?
23:26 < UncleDrax> well if it's for playing media...
23:26 < jana> The share works just fine over Ethernet?
23:27 < jana> Yes, it's only for streaming
23:28 < jana> iperf returned the following - [ 4] 0.0-10.0 sec 113 MBytes 94.1 Mbits/sec
23:30 < UncleDrax> outa curiosity, if you let it run longer, does the performance tank? also can/have you run it bidir?
23:32 < jana> : Will try now and report back, I will set the time for 2 minutes?
23:34 < UncleDrax> i don't know enough about the particularities of traffic for SMB streaming for large content.. but i'd prob try like.. 5-10min. just to see what it does. should only cost you time
23:34 < UncleDrax> that said, I also don't know what kind of overhead using SMB causes.
23:35 < ||cw> smb causes a lot of overhead
23:35 < brentaarnold> Anyone got an opinion on the Brocade/Ruckus ICX switches?
23:35 < UncleDrax> tbh, if you can graph traffic on the devices (the DECAs or the ports you have attached to them) you should be able to tell if it's using your full 90+Mbit or not
23:35 < ||cw> my last cheapy nas would iperf at 800Mbps, and smb at 150
23:35 < UncleDrax> brentaarnold: i have some.. but never logged into them. so honestly couldn't tell you.
23:36 < brentaarnold> Haha, meaning they always work?
23:36 < UncleDrax> brentaarnold: no, I mean most are sitting in boxes waiting to be turned on for projects.
23:36 < brentaarnold> UncleDrax I see
23:36 < UncleDrax> ||cw: ya, every now and again I get a customer that wants to proof circuit CIRs by using windows file copy metrics.. yes.. it makes me want to become a hermit
23:37 < djph> UncleDrax: you mean I can't test my circuit with windows file copy?
23:37 < UncleDrax> djph: I will answer your question in approximately 10.. 5.. 25.. 10985....2 minutes.
23:38 < djph> bahhahahaha
23:40 < jana> [ 4] 0.0-120.1 sec 1.32 GBytes 94.1 Mbits/sec
23:41 < jana> I can run a longer test, but that looks good
23:41 < UncleDrax> jana: ok that seems good. no wonky pattern? no packet loss?
23:41 < UncleDrax> oh right i'm thinking visual ones
23:41 < UncleDrax> but that should be constant then for the CLI one right?
23:41 < jana> Nope, nothing else reported back, or do I have to turn on a verbose flag to see those?
23:42 < UncleDrax> I haven't used the CLI version that often.. i'll defer to someone else
23:42 < UncleDrax> 1800 almost.. so time for me to get going anyway. gluck
23:42 < jana> Which visual ones are those?
23:42 < jana> No worries, thanks for trying to help
23:43 < UncleDrax> i've used jPerf.. just a java GUI for iPerf.. only good thing is it has a pretty graph for people to look at
23:44 < jana> Oh I see, will take a look at that too
23:45 < UncleDrax> (these days I use test-sets for that sorta thing though)
23:57 < jana> Settings for enp2s0:
23:57 < jana> Supported ports: [ TP MII ]
23:57 < jana> Supported link modes: 10baseT/Half 10baseT/Full
23:57 < jana> 100baseT/Half 100baseT/Full
23:57 < jana> 1000baseT/Half 1000baseT/Full
23:57 < jana> Supported pause frame use: No
23:57 < jana> Supports auto-negotiation: Yes
23:57 < jana> Supported FEC modes: Not reported
23:57 < jana> Advertised link modes: 10baseT/Half 10baseT/Full
23:57 < jana> 100baseT/Half 100baseT/Full
23:57 < jana> 1000baseT/Full
23:57 < jana> Advertised pause frame use: Symmetric Receive-only
23:57 < jana> Advertised auto-negotiation: Yes
23:57 < jana> Advertised FEC modes: Not reported
23:57 < jana> Link partner advertised link modes: 10baseT/Half 10baseT/Full
23:58 < djph> ew, that's so slow.
--- Log closed Fri Jul 06 00:00:27 2018